Difference between revisions of "DrupalCon2012 notes"
From Earth Science Information Partners (ESIP)
Revision as of 00:03, October 4, 2021
DrupalCON Denver 2012 – Notes by Ajinkya Kulkarni
Keynote (3/20) by Dries Buytaert : Winning the hearts and minds through innovation
- Drupal 7 grew 2.5 times faster than Drupal 6 (counted against first 10,000 installations)
- Drupal weaknesses:
- Rudimentary authoring experience
- Aging web development framework
- Small Drupal talent pool
- Not mobile friendly
- Opportunities for Drupal:
- 1.5 million Drupal sites
- 6.7% of all CMS sites use Drupal
- 30% of all sites are CMS
- 25x growth over next 5 years
- Drupal 8: Embraces Symfony 2, RESTful web services, HTML5 responsive design
- Symfony 2: Set of reusable PHP components, robust, well tested, healthy welcoming community
Keynote (3/21) by Mitchell Baker : Collaborative Development, the "Maker" Ethic and Internet Freedom
- Importance of open building blocks
- Ability to create
- Ability to participate
- Precursor to Internet freedom
- Mozilla’s mission
- Consumer products (Firefox, marketplace, open web devices)
- Web Maker (journalism, films, learners)
- Web building blocks: HTML/CSS, JS → Mobile → Video → Identity → Social → Open WebApps → WebMakes
- New technologies from Mozilla
- Boot to Gecko http://www.mozilla.org/en-US/b2g/ in partnership with Telefónica
- HTML5 Media Framework http://popcornjs.org/, Drupal Module: https://github.com/douglasmiller/drupal-popcorn, Demo: http://webmademovies.etherworks.ca/popcorndemo/
- Single Sign On: http://www.mozilla.org/en-US/persona/
Keynote (3/22) by Luke Wroblewski : Mobile First
- Web products should be designed for mobile first
- Designing the mobile app first forces us to strip down to essentials
- 371K babies born per day, 1.5 million mobile devices activated per day
- 6 billion mobile connections, 12 billion in 2020
- $131 M PayPal mobile payments processed in 2009, $4B in 2011
- Twitter 55% mobile users
- Pandora 70% mobile users
- Yelp 85% searches on mobile
- Facebook 50% mobile web traffic
- Reduce request and file size
- Take advantage of HTML5
- Design for speed: adaptive pre-loading
Session: Tame the Burrito: Understanding the Five Layers of Drupal
- Caching problem: Each module tries to implement its own caching mechanism
- Drupal: 5 layer stack
- Web framework (e.g. HTTP Request, Response caching, Database access )
- Building Blocks (e.g. Nodes, Fields, Views, Regions, Blocks)
- Building Tools (e.g. Field UI, Views UI, Features, Drush, Admin structure)
- Distinct Features (e.g. My Dashboard, Photo Gallery, Newsletter, Surveys, Wikis)
- Products (e.g. Drupal Garden, OpenPublic, The Grammies)
- Separate form validation logic from Drupal form validation API so that Drush, SimpleTest or installation profile can use it
Session: Native Mobile Application Development on Drupal
- Why not native?
- Titanium supports multiple devices
- Rapid Prototyping
- Why Native?
- Faster Performance
- Manage errors on side of stack
- No waiting on API update
- Development process
- Get idea on paper
- Wireframe ( Use tools: Briefs or Omnigraffle)
- Design
- Development
- Mobile Stack:
- Mobile Apps ← Services ← Drupal
- Tools:
- Drupal iOS SDK https://github.com/workhabitinc/drupal-ios-sdk
- Android Drupal APIs: Dandy https://github.com/workhabitinc/dandy
- Service log http://drupal.org/project/services_log
- Services module: use OAuth 3-legged authentication
Session: Science on Drupal
- Drupal uses in science
- Libraries
- OpenScholar
- Social science
- Drupal test portal driven by VIVO. VIVO is a simple CMS, uses RDF and OWL, available as a VM
- Amazon Mechanical Turk Integration
- DNA/RNA databases
- Public-facing research showcase
- Archive & preserve data
- Medical data
- podaac.jpl.nasa.gov
Session: ESIP Commons
- Notes by Erin: https://docs.google.com/a/esipfed.org/document/d/1qCBTHuKXhorEBZ7hpyKydCEnONmPGqqhnZdVdPaYYLo/edit?pli=1
Session: Drupal Security for Coders - How to Avoid "All Your Base Are Belong To Us"
- Why care?
- Security is business
- Affects your good name
- Your site is useful for bad guys no matter if it is big or small
- Keep up to date
- Subscribe to security advisory emails
- Have a consistent method for updating your site
- Checklist:
- Other than admin do not let anyone use Full HTML or PHP filter
- Most vulnerabilities are in custom theme and templates
- Use Drupal DB APIs
- Use Drupal Form API
- In doubt? Use check_plain()
- For URL: check_url()
- For plain text: check_plain()
- For Rich text: check_markup()
- For HTML: filter_xss()
- XSS is a major vulnerability; SQL injection is another
- Failure to escape user input or output
- You can do almost anything
- http://drupalsecurityreport.org/
- In DB APIs, use placeholders
- XSS can happen via IMG tags
- Can run JS on 3rd party site
- Both GET and POST are vulnerable
- Form tokens or URL tokens tied to your session protect your
- When not using form API, use drupal_get_token() and drupal_valid_token(). See Flag module for example
- Dev/Themer Harmony
- Use preprocess functions to provide safe variables for use in theme templates
- In Drupal 7 may need to be used with render()
- JS can do XSS better than humans
- Just loading a malicious third party site can hack your Drupal account
- CSRF:
- Use form token when there is a link to click
- Custom caching can cause problems: needs a per-user cache
- Do not use password-based SSH (use key-based SSH)
- Drupal 7: $query->addTag('node_access');
- Drupal Modules:
- security_review
- Coder
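The checklist above in one place, as an added example that is not from the session or from Drupal core: a hypothetical Drupal 7 module (the name mynotes, its paths and its token strings are assumptions) that binds query values as placeholders with the node_access tag, escapes output, and guards a state-changing link with drupal_get_token() and drupal_valid_token(). It assumes a bootstrapped Drupal 7 site.

```php
<?php
// mynotes.module: hypothetical Drupal 7 module (added example, names made up).

/**
 * Implements hook_menu().
 */
function mynotes_menu() {
  $items['mynotes/search/%'] = array(
    'title' => 'Search notes',
    'page callback' => 'mynotes_search_page',
    'page arguments' => array(2),
    'access arguments' => array('access content'),
  );
  $items['mynotes/%node/archive'] = array(
    'page callback' => 'mynotes_archive',
    'page arguments' => array(1),
    // Only users allowed to edit this node may reach the callback.
    'access callback' => 'node_access',
    'access arguments' => array('update', 1),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Page callback: lists published nodes whose title contains $keyword.
 */
function mynotes_search_page($keyword) {
  // Weak form the checklist warns against (SQL built from input, raw output):
  //   db_query("SELECT nid FROM {node} WHERE title LIKE '%$keyword%'");
  //   return "Results for $keyword";
  $query = db_select('node', 'n')
    ->fields('n', array('nid', 'title'))
    ->condition('n.status', NODE_PUBLISHED)
    // The value is bound as a placeholder; db_like() escapes % and _.
    ->condition('n.title', '%' . db_like($keyword) . '%', 'LIKE')
    // Node access modules filter out rows this user may not view.
    ->addTag('node_access')
    ->range(0, 20);

  $items = array();
  foreach ($query->execute() as $record) {
    // Token tied to the current session and to this specific action.
    $token = drupal_get_token('mynotes_archive_' . $record->nid);
    $link = l(t('archive'), 'mynotes/' . $record->nid . '/archive',
      array('query' => array('token' => $token)));
    // theme_item_list() prints items as HTML, so escape the title here.
    $items[] = check_plain($record->title) . ' (' . $link . ')';
  }
  // The % placeholder in t() passes the value through check_plain().
  $heading = t('Results for %keyword', array('%keyword' => $keyword));
  return '<p>' . $heading . '</p>' . theme('item_list', array('items' => $items));
}

/**
 * Page callback: unpublishes a node, but only with a valid token.
 */
function mynotes_archive($node) {
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  if (!drupal_valid_token($token, 'mynotes_archive_' . $node->nid)) {
    // A forged request from a third-party page has no valid token.
    return MENU_ACCESS_DENIED;
  }
  $node->status = NODE_NOT_PUBLISHED;
  node_save($node);
  drupal_set_message(t('Archived %title.', array('%title' => $node->title)));
  drupal_goto('<front>');
}
```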
Session: Fast flexible architecture
- Engineering axes
- Fast to run
- Low memory
- Scalability
- Modifiability
- Extensibility
- Human axes:
- Usability /UX for end users
- Understandability for developers
- Learnability for both
- Maintainability
- Command line is very powerful
- Graphical is learnable, slows down interface
- QA axes
- Testability – ability to write test
- Verifiability – code will do what is supposed to do
- Who cares?
- Your client
- Your boss
- You in 6 months (to fix performance & scalability)
- To what extent do I care about mobile:
- Responsive design limits
- Target Audience
- Look at traffic logs, browser stats
- Responsive design is not always needed
- Hand coding is ok for site-specific
- Node reference in Drupal 5 loads all node: very bad
- Overridable by any module or by any specific site
- Do I care if operation is fast?
- Modifiability vs. performance
- Expediency vs. Modifiability
- Extensibility vs. Testability
- Extensibility vs. Understandability
- Verifiability vs. Expediency
- Can’t prove PHP code is correct mathematically (do not use for nuclear reactor)
- Your job is to balance -> what is worth my time -> write most appropriate code
- Drupal assumes everything is a page -> Symfony solves this problem -> serves only parts -> Symfony already implemented what Drupal 8 wanted
- Use Varnish and memcache at least (Acquia Cloud and Pantheon use them)
Session: Symfony
- The ‘Drupal way’ is not used in other PHP communities
- Drupal has barriers to entry for developers
- Refactor towards a ‘framework’ core
- Drupal needs a more standardized framework
- Symfony 2 is MIT licensed, on GitHub
- Symfony 2 is a reusable set of standalone cohesive PHP components that solve common web development problems
- An object oriented set of classes
- Compatible with PHP 5.3 & later
- A full stack web framework
- http://tools.ietf.org/html/rfc2616 is a must-read for PHP developers
- http://en.wikipedia.org/wiki/Edge_Side_Includes
Session: Views for developer
- Views Modules
- Views slideshow module
- Views bulk operation
- Semantic view module
- Views link area module
- Display suite module
- Fences module
- Result /page summaries
- Views documentation http://api.drupal.org/api/views/groups
- Webform views integration https://github.com/derhasi/webform/tree/master/views , https://github.com/derhasi/webform/blob/master/views/webform.views.inc
Session: Drush 5
- New features
- Shell alias
- Windows compatible installer sponsored by Microsoft
- Drush make in Drush core
- Drush Autocomplete
- Built in server
- Drush quickdrupal command
- Drush runner for Queue api
- Drush support for multi site setup
- Drush site-set command
Session: Delivering Drupal
- Everybody needs to use Jenkins: http://jenkins-ci.org/ & http://jenkins-php.org/
- Use PHP build systems: http://www.phing.info/trac/, https://github.com/indeyets/pake/wiki, https://github.com/mlively/Phake/wiki
- Try http://drupal.org/project/stage_file_proxy, http://drupal.org/project/deploy
- For code deploy http://drupal.org/project/drush_deploy
- Use PHPUnit, Selenium, etc.
- Ruby: https://github.com/jnicklas/capybara
- http://cukes.info/
- PHP : http://behat.org/
- Vagrant: http://vagrantup.com/, http://drupal.org/project/vagrant